Comments on: Support desk scams: CLSID not unique http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/ News, Views, and Insight from the ESET Security Community Mon, 03 Feb 2014 08:49:00 +0000 hourly 1 http://wordpress.org/?v=3.7 By: Charlie http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-11980 Wed, 29 Jan 2014 23:15:00 +0000 http://blog.eset.com/?p=8720#comment-11980 I just got the call a few minutes ago, same as the rest. I run a computer repair business and was aware of this scam for a long time so when the phone rang I wanted to see how they actually could get someone to allow them access to their computer. After reading me the CLSID number at the bottom of the ASSOC I told her that the number she read was not the same as the one I had on my computer. She started to argue saying that she knew this was the number and I had serious infections on my computer. I told her that all computers have that same number and she didn’t know anything, at that point she hung up on me. I hope she puts me on a no call list…..lol

]]>
By: David Harley http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-11979 Tue, 28 Jan 2014 07:31:00 +0000 http://blog.eset.com/?p=8720#comment-11979 There seems to be a typo in the article, which I can’t correct at the moment. It’s HKEY_CLASSES_ROOTCLSID, But it just gives the default GUID {0000031A-0000-0000-C000-000000000046}.And it’s not stuff you want to do anything with unless you really know what you’re doing.

]]>
By: peter http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-11978 Tue, 28 Jan 2014 05:14:00 +0000 http://blog.eset.com/?p=8720#comment-11978 Hello,

A big thank you for describing the CLSID scam. This also happened to about an hour or so ago.

So, I typed in the the Windows command {cmd, assoc}. Indeed, I got the CLSID code that you mentioned in your article.

Then, I wanted to recover this code from my Win XP registry. In other words, I tried to read the registry key at,

HKEY_CLASSES_ROOTCLSID

What did I do wrong ?

Looking forward to hearing from you.

-peter

]]>
By: Nabi http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-11976 Mon, 27 Jan 2014 10:07:00 +0000 http://blog.eset.com/?p=8720#comment-11976 I just got this call today and I didn’t have an idea about this scam so I followed the instructions, being suspicious all the way through. At first I yelled “I can’t understand you!” due to their heavy Indian accent (Yeah, I know, I sounded rude but I always get frustrated every time I get their calls ><'). Then I kept asking how they got my phone number and they kept ignoring the question. I still patiently followed all the steps until they told me to type in 'iexplore http://www.ammyy.com'; in the command box and that was when I was sure this was a scam. I didn't click run but instead went on google and typed in 'ammyy' and got a whole list of scam reports. I asked them "Is this a scam?" They said "Ma'am why would I waste time and money calling you, this is legit…" Well I didn't hear the rest because I hung up on them. Now that I know it was a scam next time I'm so gonna troll them until they get frustrated and hang up!

]]>
By: Paul http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-11974 Fri, 24 Jan 2014 15:35:00 +0000 http://blog.eset.com/?p=8720#comment-11974 I received a call like that this morning. A guy with an Indian accent, claiming to represent Microsoft, informed me that computer was sending error messages to Microsoft. In my case at least, I knew immediately that this was impossible as my Windows laptop is only used for digital mode ham radio (PSK, JT65, RTTY), and there is no internet connection here. What can I say, I live in a rural area and satellite just costs too much. Anyway, the guy wanted me to turn on my laptop but I offered to call him back. This terminated the call. I’ve never had a call like this until this morning. From the sounds of activity in the background, like a typical call center, which could be canned of course, it appears that this is a substantial operation. Thanks for the article.

]]>
By: JJ http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4489 Thu, 23 Jan 2014 18:26:00 +0000 http://blog.eset.com/?p=8720#comment-4489 An elderly friend of mine got scammed yesterday. They gained access to her computer then demanded her credit card # in order to fix the problems. She refused but they had already changed or activated the windows xp boot password. Is there a way to fix this or do we have to format the hard drive?

]]>
By: Jerrod http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4479 Wed, 15 Jan 2014 19:20:00 +0000 http://blog.eset.com/?p=8720#comment-4479 I got this call today from “Windows support”. I knew it was a scam as soon as she said windows support. I got her to repeat everything at least 4 times, but the best was going through all of the CLSID numbers. I asked her to stop and go back maybe a dozen times. Its a very long string of numbers, so you can imagine how exasperating that would be. 888DCA60-FC0A-11CF-8F0F-00C04FD7D062. They’re so confident that they have the number (which is the same on everybody’s computer) that she actually gave herself an ‘out’ by saying that if the number didn’t match I could hang up. After a good 10 minutes of repeating it, I just told her that “nope, thats not the number I have. one of the zeros is different.” She sounded so dejected but lived up to her promise and said good bye. Yay!

]]>
By: DaveBinAZ http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4473 Mon, 13 Jan 2014 20:48:00 +0000 http://blog.eset.com/?p=8720#comment-4473 http://www.teamember.com is yet another that asks to remotely connect through their software. They said they worked for Microsoft. I said I use an old OS, xp which isn’t serviced anymore (but which is an awesome OS). I asked for some examples of the ‘infections’. They dodged. I asked how they got my phone number. It was ‘provided by Microsoft’ they said. On and on. I wasn’t busy and managed to take 45 minutes of their time and it was great fun. I even offered to let them access my system through the built in remote session service (which i knew they wouldn’t do) and they said the infections wouldn’t allow it! My event viewer was just cleaned out through another program and had no warnings, etc. They said that the infections were ‘keeping them hidden’. LOL!! GEEZ! These guys had a tremendous propagation delay, at least half a second, but they claimed to be calling from CA. Yes, it could be their phone system is routed super slow, but more likely their origin was New Deli, or somewhere.

]]>
By: Peter http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4472 Mon, 13 Jan 2014 11:57:00 +0000 http://blog.eset.com/?p=8720#comment-4472 Ive had yet another of these idiots calling. Usually I just hang up but today I was in a playful mood so kept them talking for 51 minutes. i kept ‘mistyping’ things they were saying (even though I wasn’t actually typing anything) like asocc instead of assoc and amyy.com or ammy.com just to wind them up. eventually got bored and then got a tirade of abuse saying ‘did I know how much it cost to phone me without making any money’ and then it got really funny – ‘did i know all white men are paedophiles who have sex with their mothers’ . the more i laughed at him the more the abuse came, i was genuinely crying in the end.

Please dont fall for this scam

]]>
By: Steve Yu http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4469 Wed, 08 Jan 2014 18:26:00 +0000 http://blog.eset.com/?p=8720#comment-4469 I got a same call today from a man named Ricky Martin. He too had a thick Indian accent and I can hear another Indian lady in the background talking to another poor soul. Fortunately I googled what Ricky Martin was telling me and found this chat before I followed any of his instruction. I asked for his call back number but he would not provide. He kept repeating that he was calling from the Windows Tech Service but wouldn’t mention Microsoft. I politely hung up and asked him to not call me anymore.

Thank you all for posting your experiences. They really helped.

]]>
By: KJ http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4447 Mon, 23 Dec 2013 18:41:00 +0000 http://blog.eset.com/?p=8720#comment-4447 I got this call today and my story is exactly like Steve’s below. When he wanted me to go to TeamViewer.com to get remote access I knew something was not right. I asked him to walk me through the supposed “fix” and he said he had to do it. Told him that was not going to happen. While he tried to convince me of his reasons why he needed to do it, I saw Steve’s post and then he hung up.

]]>
By: Manthan http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4435 Thu, 19 Dec 2013 09:16:00 +0000 http://blog.eset.com/?p=8720#comment-4435 Loved how you described it..

I just had a phone call, first a lady called Anna smith with indian phillipino accent( Well I am an indian so I cannot be purely racist about indian only). Asking me all these steps to do on my computer as I am a kid and someone is teaching me how to ride a bicycle for the first time. I have done Bachelors in IT and I play with computers everyday in my life.

So these are the steps they will ask you to do,
First they will show you how to loacate windows key and press R TOGETHER. then Eventvwr, Application and spot the errors and warnings. If I have more than 20 then I HAVE TO LET THEM KNOW!!!???. Then the higher technitian comes asking to go into Command prompt, ASSOC and check for CLSID.

I aregued with him for half an hour why do you care? Are you from Windows or Microsoft? Why haven’t you called in last 3 years as I have this laptop for more than 3-4 years? Why now? Where are you located? Why your number is from overseas when you say you are in NSW. So I got the point that this is just a bullshit.

He asked me to connect to one of their server to check if my system is allright. Straight away i asked him are you going to charge me anything? He says if the problem is major and because your software warranty is only for 6 to 12 months then we may have to renew your warranty so you may have to pay. I was like seriously? Software warranty? never heard that before..Anyways I asked him why microsoft or windows aren’t calling me why you? he says that windows or microsoft doesn’t care once the product is sold. good to know.!!!

I asked him that I don’t want to do anything then he says I may have to block your services. I was like who the hell are you to block my services, who gave you authority to block my services, I never saw any terms or conditions like that when I bought the laptop. Are you a police officer or federal police? He got my point that I was never gona give him any access to my laptop so he hung up. Straight away I googled CLSID and here I am sharing my experiance.

Thank you for reading….

]]>
By: David Harley http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4419 Sat, 14 Dec 2013 13:33:00 +0000 http://blog.eset.com/?p=8720#comment-4419 If you terminated your access immediately, you may be ok. It depends on whether you allowed them to install anything or not. If your system is still working, though, that does at least suggest that they didn’t do what they have done from time to time and try to trash your system in revenge for ‘wasting their time’. I can’t guarantee that they haven’t installed something unpleasant, though. If you have a good security program installed already, now would be a good time to scan your system with the most paranoid settings. If you’re still not sure, it’s worth calling in a good local support professional.

]]>
By: Paul http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4418 Sat, 14 Dec 2013 12:56:00 +0000 http://blog.eset.com/?p=8720#comment-4418 I have got the call today – indian speaking people, supposedly working form milwauky; calling from a windows service centre, forwarding me to the site windowssoft.us — i m afraid i fell for it, just until they wanted me to pay money; i let them access my system though, what am I to do now ?

]]>
By: Frank D http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4417 Fri, 13 Dec 2013 16:35:00 +0000 http://blog.eset.com/?p=8720#comment-4417 Just had this happen 5 minutes ago. Alice Williams who had a OVERLY thick accent an I had let her run her game for a few minutes. Then said “my son just woke up. I have to handle that. An she said “Sir, we can finish this quickly.. I think proceeded to ask ask her. Is this NEW computer an potential virus that you want to fix more important than my son? Ummm don’t think so Alice. Do you have a number? I can call ya back after I attend to my child. An she gave up 1-800-986-4764 an sounded very frustrated with me… boo hoo?

]]>
By: Pontiaku http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4404 Mon, 09 Dec 2013 01:24:00 +0000 http://blog.eset.com/?p=8720#comment-4404 Lol, witness a live call http://www.liveleak.com/view?i=212_1386543691

]]>
By: restless http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4403 Mon, 09 Dec 2013 01:13:00 +0000 http://blog.eset.com/?p=8720#comment-4403 if they try this on me I will string them along for as long as I can, but eventually I will have to ask them where the enter button is on my Etch-a-Sketch

]]>
By: AKS http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4389 Mon, 02 Dec 2013 18:10:00 +0000 http://blog.eset.com/?p=8720#comment-4389 They keep on calling me with the same clsid thing…they say that they are from it solutions company not sure if they are …wonderful thing is that I am not using windows and they report that i have issues with my operating system which is windows :-)

]]>
By: jack http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4384 Sun, 01 Dec 2013 18:25:00 +0000 http://blog.eset.com/?p=8720#comment-4384 i had them ring yesterday. i played dumb but played along with them. i kept asking them questions including asking them if i could call the back. i was eventually put on to the supervisor. i kept the on the phone for 33 minutes and ended the call with asking if they felt guilty and if they slept at night followed by an evil laugh. they then hung up on me. i love it when they call. its so much fun

]]>
By: Dave http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4383 Sat, 30 Nov 2013 18:13:00 +0000 http://blog.eset.com/?p=8720#comment-4383 I just got off the phone with the exact same scam. I was skeptical from the beginning but played along until they wanted me to go to http://www.teamviewer.com. My son cautioned me from taking that step so I did a search on CSLID and found this post. Glad you had posted the same number as that proved to me what I suspected all along.

]]>
By: Rav http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4375 Wed, 27 Nov 2013 22:53:00 +0000 http://blog.eset.com/?p=8720#comment-4375 I was called with the same Scam this evening from +131 5642 4364.
First he got me to run the Assoc command.
Then he told me to open event viewer and observe all the red dots errors.

My little joke was to tell him that there were no errors in the event log. This perplexed him somewhat and he gave up.

I could see how a non-IT literate person could fall for this scam, though.

]]>
By: Big Slim http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4370 Sat, 23 Nov 2013 14:49:00 +0000 http://blog.eset.com/?p=8720#comment-4370 Thanks for this site. I was becoming to believe what I was being told, but immediately I received the phone call, I switched the PC off. They tried to persuade me to switch the PC back on. Told me my CL SID number was 00C04FD7D062, from that they’d obtained my phone number from the UK database and the UK server shows that my PC has downloaded malware which I would not be able to remove myself. There phone number provided when I asked was 2537 850 721 and the technician could be spoken to on UK 702 406 6231. Their website was provided as http://www.safeinc.com.
I had a good laugh reading the posts on welivesecurity.com, they are so similar to my received phone call. To add to the comedy list, my caller did not who makes/produces Windows or what company he worked for.

]]>
By: Larry http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4369 Thu, 21 Nov 2013 17:49:00 +0000 http://blog.eset.com/?p=8720#comment-4369 I received a call today almost exactly as described above. Indian accent but good English but very pushy. Did the ASSOC scan and red me the number. He asked me to use the EVENTVWR command in the run prompt. I wrote it down but did not enter it. By this time I was on to this was fishy. He told me that at the end of the call he would be billing me for his time to fix my problem. By this time I was convinced this was not legit and I told him this was crap. He said I would not be able to use my computer anymore because my license from windows had expired. He also gave me a phone number – 855-677-5556. I did not call this as I don’t want to give out my number.

]]>
By: CDailey http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4363 Tue, 19 Nov 2013 16:50:00 +0000 http://blog.eset.com/?p=8720#comment-4363 Out of the blue, I get this phone call (Florida caller ID)
with a hyper-sounding India guy from “Microsoft Technical Support” stating that
my computer had been sending error messages to them. I knew about this little scam, because they
had called me a month before and lead me on their wild-goose-chase. I decided to play along. To prove who he was, he gave me his phone
number 1-855-517-6253 and his company website http://www.smartsnake.com. Not sure if they are with this company, or
just using it.

The first step, he said, was to find the computer that was sending the
messages. He said it was the computer
that I do most of my on-line banking and shopping with. He assured me it was not my son’s gaming
computer. I question him on how he knew
this, since he could not give me the MAC address of the computer. I’ll show you, he said. He led me through the painfully slow process
of identifying my C-t-r-l key and my Windows key and spelling out the A-S-S-O-C
command prompt to get to the CLSID screen.

.zfsendtotarget=CLSID{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}. I knew this was the same number on all
computers, but played along assuring him we had found the “right” computer.

On our journey, we visited the Windows Event Viewer and set the filter
to show errors. He asked me if I knew
how to fix these errors. Of course, I
said no. He said, I am helping you fix
all of these free of charge. We also
downloaded SuperAntiSpyware (which is free to anyone), which, of course, showed
me all of the problems my computer had.

When we got to the LogMeIn Rescue screen (this is where they can log
into your computer and take control of it; never do this for anyone you don’t
know), to start the download. At this
point, I told him it was not working. He
asked me what the screen says, and I told him “You do not have
permission”. He sounded confused, and
gave the phone over to another technical expert.

We went through the spelling lesson again, this time with A-M-M-Y-Y
(remote desktop). Again, when it got to
the screen to give them access, I said it was not working.

I eventually went through 3 technicians before I heard the click. How rude, they hung up on me. I was hoping to get on their do-not-call
list. I guess I will just have to wait a
month or so to find out.

]]>
By: Rachel http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4362 Tue, 19 Nov 2013 02:06:00 +0000 http://blog.eset.com/?p=8720#comment-4362 We got a call today saying that he is from gmail support and that they have received complaints about spam emails from my daughter’s email acct. I took the call pretending that he is talking with my daughter. They gave a callback number (18882036814). The caller ID showed the name daniyal – funny that he gave the name Daniel Creg when I asked his name (and that’s how he spelled the last name). Anyway, I told him I’ll call back once I have contacted gmail but unfortunately gmail has no contact number. I called back and asked them how they got the home phone number when it’s not even the number used when my daughter signed up with gmail. They hung up. I traced the number to Techno Alabama. The accent is definitely Indian. I wonder where they get the info – they have the email address, home address and home phone number.

]]>
By: Paul http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4349 Sat, 16 Nov 2013 20:19:00 +0000 http://blog.eset.com/?p=8720#comment-4349 Trying to convince me that my router ip address, which is 192.168.xx.xx for almost every router is my assigned ip address. Wanted me to type in to a command prompt assoc and provide them with my clsid. When I asked her to send me an email since she called me and I don’t know who she is, (supposedly Microsoft line support, following up on illegal activity on my ip address occurring all over the country), since she seems to have all my info, she hung up. She got nothing from me. Not planning on reporting it, I think it’s probably a waste of time.
Paul

]]>
By: eric http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4346 Sat, 16 Nov 2013 03:18:00 +0000 http://blog.eset.com/?p=8720#comment-4346 They callied now several times, caller ID is 642 11111111. Asked for the company he said beta secure.com. He hang up after 10+ minutes asking him questions. If you want to practice, call the number on the website, I bet it is an Indian accent :-)

]]>
By: Alice Coltharp Dean http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4345 Thu, 14 Nov 2013 23:03:00 +0000 http://blog.eset.com/?p=8720#comment-4345 got this call today. from “Windows Live Advantage” group claiming my cls id was leaked out to the internet and anyone could get this and hack into my computer. I didn’t have malware because i let norton expire and didnt realize I was missing my AVG. Any way i typed in ASSOC and event uploaded http://www.teamviewer.com and connected with the guy named Eric with what sounded like an asian accent. anyway when they transfered me to their supervisor I asked why and then the supervisor started the sales pitch and for $149 he would clear my problem and I said no and I wouldn’t have listened to this further. Then the price went down to $89. I wanted to disconnect and then he hung up on me. i know better and even though i was sceptical i continued all the while asking questions but i willnot fall for that again.

]]>
By: tenagirl http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4338 Tue, 12 Nov 2013 02:40:00 +0000 http://blog.eset.com/?p=8720#comment-4338 I too just had a call. They said they were from “Microsoft Support”… They did tell me the CLSID and I said that I was not impressed and hung up. It came in as a “Private Caller”. I called another number from this lot (hub got a call and hung up). They answered Microsoft Support. THAT has to be illegal. Any ideas? 1 347 796-4494 This time they said…”Welcome to tech support” What a scam…

]]>
By: Steve http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4332 Fri, 08 Nov 2013 18:39:00 +0000 http://blog.eset.com/?p=8720#comment-4332 I had the same experience today, an indian accent called me today saying the same thing. He wanted to remote access my pc. Told him i do not know who he isand where he is from. He went onto say that he was working on behalf of Windows. When he asked me to type in assoc and then wanted remote access. I figured out he was a scammer and reported him to the police and internet fraud team. Be aware!

]]>
By: Joe Lewis http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4312 Wed, 30 Oct 2013 21:46:00 +0000 http://blog.eset.com/?p=8720#comment-4312 I wish I had been there when finefeathered was called! We got the call too, and the caller’s Indian accent was stronger than his English, so I really couldn’t understand what he wanted me to do. I’m relieved to find that the CLSID is not unique.

]]>
By: Roberta - Italy http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4288 Wed, 23 Oct 2013 11:16:00 +0000 http://blog.eset.com/?p=8720#comment-4288 Just happened to me in Italy – guy claims to be called James Parker from WindowsSoft.us now, service provider for Microsoft TechSupport. He read out this CLSID when I was showing my scepticism, to try and get me to download the ammy exe from WindowsSoft.US Contact Us page (so “ammy” was not mentioned at all during the conversation) I cut him off telling him it was an unsollicited call and asking him to send me verifiable info by email (since he had my tel number, I told him he surely had my email address as well) and hung up.

]]>
By: Rony http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4287 Wed, 23 Oct 2013 05:44:00 +0000 http://blog.eset.com/?p=8720#comment-4287 Happened to me today in Australia. Guy with strong Indian accent claimed to be from Telstra and threatened to cut me off the internet as my computer is infected with the viruses. He said they sent several warning messages previously. Then he asked me to open a browser and go to ammyy webpage. Seeing scam alerts I hung up at that point.

]]>
By: Mm http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4285 Fri, 18 Oct 2013 20:35:00 +0000 http://blog.eset.com/?p=8720#comment-4285 I have been receiving these type of calls lately and I usually hang up when confirming the number/I’d they ask for. But last night this ‘John’ person was really aggressive, telling me that there have been complaints from my IP address about scam emails sent to the government, that there have been mentions of bombs and terrorism in my messages, and he asked me if I was one of them. Then he said that lots of porn has been downloaded from my pc if I was downloading it or not! When I said yes to everything (obviously not believing anything) he got mad asking me if I thought it was a joke that he had my phone number((of course…..he was the one calling, not me) and he had my address ( that he couldn’t even pronounce in English) and of course that the called was being recorded. As usual, I followed his speech but when coming to confirm the claims number I hung up on him.
I guess they are not getting to many people to believe them, nowadays, and they are getting really aggressive now.

]]>
By: sleep http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4283 Thu, 17 Oct 2013 12:09:00 +0000 http://blog.eset.com/?p=8720#comment-4283 got call from india said assoc is my computer id. wanted 499 10 year support, 99 one repair. he had we fooled for a while.he said someone was using my computer as a slave to download music.

]]>
By: A. B. http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4282 Tue, 15 Oct 2013 14:17:00 +0000 http://blog.eset.com/?p=8720#comment-4282 I got this call today. I cant say if the Accent was Indian bút it sounded like this. Inerestingly the phone number was not anonymous.
The number the call came from was: 0015672539999

]]>
By: Spectrum Data http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4272 Sun, 06 Oct 2013 19:40:00 +0000 http://blog.eset.com/?p=8720#comment-4272 I kept one guy on the line for a half hour and every once in a while, after making up appropriate answers to his questions, I would ask him “Should I turn my computer on now?”. Great confusion on his end and my call was escalated to a master manager. They finally gave up.

]]>
By: Spectrum Data http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4271 Sun, 06 Oct 2013 19:35:00 +0000 http://blog.eset.com/?p=8720#comment-4271 Yes, it’s sad that when you have an HP service contract they end up handing you off to a third party contractor who says your particular problem is not covered under the contract. They then try to sell you an add-on contract which will cover your problem.

]]>
By: Kevin http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4266 Sun, 29 Sep 2013 02:15:00 +0000 http://blog.eset.com/?p=8720#comment-4266 I rec’d a call on this scam today and the phone ID was Private Caller. I personally like to mess with Cold Callers so I answered the phone and played with him. He told me I had a virus and ran through the process described above but when he asked me what I saw. He was not expecting me to say a black screen, once he understood, he told me to restart my computer which I pretended to do so. We went through this process 3 times before I told him I got a Command Prompt, the he asked me to input the information above and that is when I told him I was not in front of a computer. At this time he was confused as he did not understand english very well and started talking in a foreign language, after a while he came back to me and said good one, that was when he hung up. Beware of what you give out on the phone or the internet and when you do have an issue call them.

]]>
By: Mattias http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4263 Wed, 25 Sep 2013 14:11:00 +0000 http://blog.eset.com/?p=8720#comment-4263 I had a call from these morons today, and got suspicious right away since this was not a “service” i had asked for. Indian accented english speaker calling from Windows Support center. My first thought was, noone ever helps completely random strangers with computer problems.
I got the instructions to ceck the CLSID assoc, then i had to hung up on him. He asked me to check and then he would call back in an hour. I took this time to google CLSID and ended up in this page confirming my suspicions. When he called back he explicitly asked, “do i have your trust now?”. I replied no and that I knew all about their scam and told him not to call me again.
Thx for a great post, I shared it on facebook to spread the word.

]]>
By: David Harley http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4259 Tue, 24 Sep 2013 14:16:00 +0000 http://blog.eset.com/?p=8720#comment-4259 Bob j: we think it was probably a netstat window that he showed you: one of the columns it shows by default is ‘foreign address’. I’m not sure which option you might have been directed to use, though: I’m going to try to find some time to check that out further.

]]>
By: Brenda http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4257 Mon, 23 Sep 2013 20:22:00 +0000 http://blog.eset.com/?p=8720#comment-4257 I have received four calls from these guys in the past week. Today, I asked for a callback number so I could call when I actually had access to my PC. I didn’t bother to test the number, but have now filed complaints with the FCC and the FTC. It is sad to think how many folks must fall for this rot.

]]>
By: carl http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4256 Mon, 23 Sep 2013 15:17:00 +0000 http://blog.eset.com/?p=8720#comment-4256 hi yeah just received the call from a lady with a middle eastern accent. i spent about 5 minutes on the phone to her while she was trying to tell me i had some serious issues with my laptop, she said she was from a company called I.T. solutions so i said let me just google your company a second, so i get to the website of the company she claims she is from and at the top of the webpage there a n alert banner saying that people are using there name to get remote access to peoples pc/laptop i relay this message to her and she hangs up. i mean i was really interested “sarcasm”.

]]>
By: Kan http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4250 Sat, 21 Sep 2013 06:35:00 +0000 http://blog.eset.com/?p=8720#comment-4250 Scammer: (Middle eastern accent) This is windows tech support team. Your computer is in critical condition. We are specialists, and I am here to help. I know your CLSID. Now tell me what operating system are you using?

Me: Linux…

Scammer: I am sorry, NOW TELL ME what operating system you are using or else I’ll have to terminate your service!

Me: LINUX!…

Scammer: WHAT? Tell me what operating system you are using? Vista, 7, XP, 8. Are you the owner of a computer?

Me: YES. And I TOLD YOU THAT IT’S LINUX FOR THE GAZILLIONTH TIME….

(It went on for about 2 more times… I had fun trolling this worthless idiot who doesn’t even know what linux IS and claims to be a tech specialist for windows… LawLz…)

]]>
By: Bob J http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4248 Fri, 20 Sep 2013 22:46:00 +0000 http://blog.eset.com/?p=8720#comment-4248 I’m in Georgia, USA. Received this call. He made it sound like it was Microsoft Support. He said they received notification that my computer would not receive Windows Updates because it was infected. I was skeptical, but came close to being sucked in. I would not let him have access to my computer at first, but allowed it after he answered several questions and he directed me to the CLSID. I was ignorant to the fact that the number is not unique. He turned me over to “Sam”. He first used AMMYY and then used LOGMEIN. When I questioned how they could tell my computer was infected, he directed me to do something. A window showed several IP addresses (all my computer) and another number next to each IP address that looked like MAC addresses, but I am not certain. The next column had a label of some sort that I can’t remember, but it seemed to indicate that each was a foreign or infected file. All these showed a date of 9/17/2013 (which I remember because I tried to think of websites I visited on that day). I do not remember how I accessed that information. Can someone tell me how to do that so I can repeat it? The bottom line is that he wanted me to subscribe to a service from gtechsupports.net, which I declined until I did some research. After discovering that this is a scam I did a system restore to several days ago. Also, I am running several security scans. I would still like to know about the files “Sam” showed me that he said were the problem.

]]>
By: Melanie Bull http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4247 Fri, 20 Sep 2013 12:31:00 +0000 http://blog.eset.com/?p=8720#comment-4247 This is still going on! Just got a call Sept 2013 – I’m in the UK – they push and push you to type in ASSOC to give them computer ID.I refused until they could prove who they were by other means.

]]>
By: Pieter Jelle http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4245 Thu, 19 Sep 2013 10:25:00 +0000 http://blog.eset.com/?p=8720#comment-4245 The guy I had on the phone was from a company called Tech Resolver and is supposedly situated in Albany, New York. He was describing a similar procedure (as described by David Harley) that I was supposed to follow. I didn’t trust it and told him that I needed more information in regards to this procedure, their company and so forth. I hang up the phone. The website of Tech Resolver that I found didn’t have any address associated to it; giving me even more reason to believe that this was a source that couldn’t be trusted. I’ve tested my firewall and can’t seem to find any holes, nor any malware on my system or viruses, so I already found it hard to believe that they could somehow detect that my computer was being hacked.

]]>
By: Joe http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4243 Wed, 18 Sep 2013 17:09:00 +0000 http://blog.eset.com/?p=8720#comment-4243 Just got off the phone with someone doing this scam. I knew from the start and was able to keep them on the line for 11 mins. Was even able to talk to his “manager”. They were really bad at it as they went from working for Microsoft to then working for Best Buy and being contracted by Microsoft to do the calls. In the end they hung up on me.

]]>
By: maziej http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4205 Sat, 31 Aug 2013 14:09:00 +0000 http://blog.eset.com/?p=8720#comment-4205 Thank you for the article. I was called about half an hour ago. I am married to a geek so a little wisdom has sunk in and I suspected a scam from the start. I asked the guy if his very strong Indian accent was from Minnesota, he said no, he was from China. I asked if this was a scam and he got angry and said if you “use the google to anyone’s name you will find it linking to a scam.” I googled my name, no scam, and told him so. He offered to send my name to the googles and in ten minutes my name would be connected to a scam and asked for my name. I replied that he should have my name if he had my registry information and worked for Microsoft as he claimed. He just started the script over and I said call back later, I need to have a wee. I hope he calls when hubby the geek is home, that would be fun to hear.

]]>
By: Alan http://www.welivesecurity.com/2011/07/19/support-desk-scams-clsid-not-unique/#comment-4201 Thu, 29 Aug 2013 19:23:00 +0000 http://blog.eset.com/?p=8720#comment-4201 Thanks very much for this excellent article, I was able to read it verbatim to the nice Indian chap from New Jersey, though I did have to tell him the definition of the word scam!

]]>